Full-Time

Staff Application Security Engineer

Posted on 4/2/2025

Deadline 5/16/25
CVS Health

CVS Health

10,001+ employees

Healthcare, insurance, PBM, and retail pharmacy

Compensation Overview

$130.3k - $284.3k/yr

+ Bonus + Commission + Short-term Incentive Program + Equity Award Program

Company Historically Provides H1B Sponsorship

Boston, MA, USA + 3 more

More locations: Providence, RI, USA | Hartford, CT, USA | New York, NY, USA

Hybrid

This position is hybrid, with potential in-office requirements in Rhode Island.

Category
IT & Security (1)
Required Skills
PowerShell
Kubernetes
Microsoft Azure
Python
JavaScript
Java
Docker
C#
AWS
C/C++
Google Cloud Platform

Get referred to CVS Health

Find people who can refer or advise you

Requirements
  • 7+ years of experience in developing and deploying security technologies.
  • Proficiency in Public Cloud (AWS/Azure/GCP) & Network Security.
  • Experience with Docker, Kubernetes, Security-as-Code, and Infrastructure-as-Code.
  • Experience with one or more general-purpose programming/script languages including but not limited to: Java, C/C++, C#, Python, JavaScript, Shell Script, PowerShell.
  • Strong experience with implementing and managing data protection measures and compliance with data protection regulations (e.g., GDPR, CCPA).
  • Proven track record in leading security initiatives from inception through to successful deployment, demonstrating exceptional project management skills and the ability to navigate complex stakeholder landscapes.
Responsibilities
  • Develop and enforce engineering security policies and standards.
  • Develop and enforce data security policies and standards.
  • Drive security awareness across the organization.
  • Lead the development and enforcement of comprehensive security policies and standards, integrating advanced security practices throughout the software development lifecycle to mitigate risks and align with industry-leading security protocols.
  • Collaborate with Engineering and Business teams to develop secure engineering practices.
  • Act as a pivotal security leader, driving the integration of secure engineering practices across the organization while liaising with senior management to ensure a cohesive security strategy that aligns with business objectives.
  • Analyze, develop, and configure security solutions across multi-cloud, on-premises, and colocation environments, ensuring application security, integrity, confidentiality, and availability of data.
  • Lead security testing, vulnerability analysis, and documentation.
  • Spearhead the evaluation and strategic deployment of cutting-edge security solutions, emphasizing scalability, performance, and adaptability, to fortify the organization's defense against evolving threats.
  • Participate in operational on-call duties to support a 24/7 infrastructure across multiple regions and environments (cloud, on-premises, colocation).
  • Lead by example in incident response situations, orchestrating rapid and effective responses while leveraging these experiences to bolster future resilience and response strategies.
  • Demonstrated leadership skills with developing a comprehensive mentorship program for junior engineers, including organizing regular training sessions to elevate the team's technical and security skills. This role requires a commitment to fostering a culture of continuous improvement and knowledge sharing.
  • Proven track record with participation in security research and the exploration of next-generation security tools and practices. This includes encouraging the team to engage with the wider security community, contributing to open-source projects, and staying well-informed of emerging threats and innovative defense mechanisms.
  • Play a key role in the strategic planning of the organization's security roadmap, including conducting thorough risk assessments, allocating budgets for security initiatives, and aligning long-term security strategies with overarching business goals. This responsibility includes advocating for security within the company and ensuring that security considerations are paramount in all technology decisions.
Desired Qualifications
  • Strong technical expertise with Architecting Public Cloud solutions and processes.
  • Strong technical expertise with Networking and Software-Defined Networking (SDN) principles.
  • Strong technical expertise with developing and interpreting Network, Sequence, and Dataflow diagrams.
  • Experience with direct, remote, and virtual teams.
  • Understanding of at least one compliance framework (HIPAA, HITRUST, PCI, NIST, CSA).
  • Strong technical expertise with security solutions for data warehouses and big data platforms, particularly with technologies like Snowflake.
  • Strong technical expertise in defining and implementing cyber resilience standards, policies, and programs for distributed cloud and network infrastructure, ensuring robust redundancy and system reliability.
  • Experience in influencing industry security standards and contributing to open-source projects or security communities, highlighting a broader impact beyond the immediate organization.

CVS Health operates as a diversified health services company in the United States, organized into Health Care Benefits, Pharmacy & Consumer Wellness, and Health Services. Its offerings include medical insurance products, retail and mail-order prescription drugs, and pharmacy benefit management (PBM) services, all connected through its integrated platform. By combining insurance, retail pharmacy, PBM, and health solutions, CVS Health coordinates care and controls costs across touchpoints for individuals, employers, and government programs. The company aims to lower health care costs while improving access and health outcomes for customers.

Company Size

10,001+

Company Stage

IPO

Headquarters

Woonsocket, Rhode Island

Founded

1963

Get referred to CVS Health

Find people who can refer or advise you

Simplify Jobs

Simplify's Take

What believers are saying

  • Aetna margins recovery drove Q1 2026 operating income up $1.2B year-over-year
  • Raised full-year 2026 EPS guidance to $7.30–$7.50 after Q1 revenue hit $100.4B
  • Exited ACA loss plans eliminating $350M–$400M annual losses, improving medical benefit ratio to 87.3%

What critics are saying

  • CMS Medicare Advantage rate shock forces 5–10% membership trim with high margin erosion in 6–12 months
  • House Judiciary Committee alleges CVS Caremark blocks innovation via network controls, risking regulatory action in 12–18 months
  • Amazon Pharmacy and Walmart undercut CVS's $32B quarterly retail revenue base with high market-share gains in 12–24 months

What makes CVS Health unique

  • Integrates 9,000 retail pharmacies, 1,000 clinics, and 88M PBM members for 185M consumer reach
  • Launches Health100 AI platform in 2026 to proactively anticipate member health needs continuously
  • Resolves 75% of pharmacy interactions via AI assistant, cutting phone call costs significantly

Help us improve and share your feedback! Did you find this helpful?

Benefits

Health Insurance

Dental Insurance

Vision Insurance

Life Insurance

Disability Insurance

401(k) Retirement Plan

Company Equity

Wellness Program

Professional Development Budget

Paid Vacation

Paid Holidays

Company News

PR Newswire
Mar 30th, 2026
CVS opens first pharmacy-only location in Chicago, plans nearly 20 this year

CVS Health has opened its first pharmacy-only location in Chicago, part of plans to launch nearly 20 such sites across the US this year. The 3,000-square-foot store at 2628 West Pershing Road features a full-service pharmacy with selected over-the-counter products. The pharmacy-only format is designed to increase access to medications, immunizations and pharmacist consultations in underserved communities. Additional locations are planned for Houston, Roxbury, Detroit and Brooklyn in 2026, alongside more than 40 traditional CVS Pharmacy stores. The move responds to consumer preferences, with CVS's 2025 research showing 80% of patients prefer face-to-face pharmacy care and 48% would switch pharmacies if limited to digital-only options. The company opened its first pharmacy-only site in Birmingham, Alabama, late last year.

Yahoo Finance
Mar 26th, 2026
CVS settles FTC insulin pricing probe as regulatory scrutiny of pharmacy benefit manager intensifies

CVS Health has reached a proposed settlement with the Federal Trade Commission over insulin pricing practices at its Caremark pharmacy benefit manager unit. The company also declared a quarterly dividend of $0.665 per share, payable on 4 May 2026. The settlement places CVS's pharmacy benefit management model under increased regulatory scrutiny regarding drug cost transparency. The company's investment narrative centres on its integrated model across insurance, pharmacy and care delivery, with near-term focus on restoring profitability in healthcare delivery and PBM services. CVS recently appointed former Elevance Health CFO John E. Gallina to its board as an audit committee financial expert. The company's narrative projects $445.5 billion revenue and $10.2 billion earnings by 2029, implying a fair value of $96.50 per share.

Yahoo Finance
Mar 23rd, 2026
Bernstein upgrades CVS Health to Outperform with $94 price target amid Medicare Advantage turnaround

Bernstein analyst Lance Wilkes upgraded CVS Health to "Outperform" from "Market Perform" on 12 March, raising the price target to $94 from $91. The upgrade reflects the company's attractive exposure to the Medicare Advantage turnaround and expectations of stable earnings in its pharmacy and pharmacy benefit manager businesses following reforms. Wilkes cited the PBM bill passage and the Federal Trade Commission settlement with Cigna as clearing events for the stock. Separately, CVS Health announced a strategic partnership with Google Cloud focused on reimagining healthcare experiences through its new health technology subsidiary, Health100, which will offer AI-powered healthcare services. CVS Health operates as a diversified healthcare company combining insurance, pharmacy benefit management, retail pharmacies and clinical services across the United States.

Yahoo Finance
Mar 13th, 2026
CVS Health's Aetna unit pays $117.7M to settle Medicare Advantage fraud allegations

Aetna, a CVS Health subsidiary, has agreed to pay $117.7 million to the US Department of Justice to settle allegations that it submitted inaccurate diagnosis codes for Medicare Advantage members to increase reimbursements. The settlement resolves longstanding False Claims Act allegations related to the Medicare Advantage programme. CVS Health shares recently closed at $76.07, down 5.1% year-to-date, though up 20.1% over the past year. The settlement is material for the company, which has thin net margins of 0.4% and debt not well covered by operating cash flow. The agreement highlights compliance risks in CVS Health's government-facing insurance operations, a central part of its Medicare Advantage business. Analysts' average target price stands at $96.50, approximately 27% above current levels.

Yahoo Finance
Mar 7th, 2026
Alphabet faces wrongful death lawsuit over Gemini AI chatbot while expanding healthcare partnership with CVS

Alphabet faces a wrongful death lawsuit alleging its Gemini AI chatbot contributed to a user's suicide, reportedly the first legal case directly linking Google's AI tools to a death. Simultaneously, the company announced a healthcare AI partnership with CVS Health focused on a real-time consumer engagement platform. The contrasting developments underscore Alphabet's expanding role in high-stakes sectors. The CVS collaboration integrates Gemini into Health100, a platform handling personal interactions across insurers, pharmacies and care providers. Meanwhile, the lawsuit tests whether conversational AI design and crisis protocols carry a duty of care, even outside formal healthcare settings. For investors, the key questions centre on how Alphabet manages legal risk, establishes guardrails and navigates regulatory oversight as its AI tools penetrate sectors requiring heightened safety and compliance standards.

INACTIVE